Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 03-05-2017 01
Uruchomiony przez Positive_Michal J (administrator) POSITIVE-MICHAL (04-05-2017 09:24:53)
Uruchomiony z C:\Users\Positive_Michal J\Downloads
Załadowane profile: Positive_Michal J (Dostępne profile: Positive_Michal J)
Platform: Windows 10 Pro Wersja 1607 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Dell) C:\Users\Positive_Michal J\AppData\Local\Apps\2.0\458J2XEG.5AH\XEHJM30Q.X30\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-09-30] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1425446643-2985461573-791015783-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1425446643-2985461573-791015783-1001\...\Run: [DellSystemDetect] => C:\Users\Positive_Michal J\AppData\Local\Apps\2.0\458J2XEG.5AH\XEHJM30Q.X30\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe [310728 2017-01-09] (Dell)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{306a98b1-0e15-4cf5-9305-fbb69b63abfc}: [DhcpNameServer] 194.54.22.2 194.146.219.19
Tcpip\..\Interfaces\{7799331b-ccf3-4b32-b5ef-2126758ab02e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1425446643-2985461573-791015783-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-1425446643-2985461573-791015783-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-24] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-24] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-24] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/intl/pl/"
CHR Profile: C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Dokumenty Google) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-26]
CHR Extension: (Dysk Google) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-26]
CHR Extension: (YouTube) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-26]
CHR Extension: (Adblock Plus) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (uBlock Origin) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Arkusze Google) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-26]
CHR Extension: (AdBlock) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-26]
CHR Extension: (Chrome Media Router) - C:\Users\Positive_Michal J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKU\S-1-5-21-1425446643-2985461573-791015783-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-18] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-09-30] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318712 2016-07-29] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

U5 AthDfu; C:\Windows\System32\Drivers\AthDfu.sys [55448 2014-09-22] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-06-10] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [547840 2015-09-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2686200 2016-07-29] (Realtek Semiconductor Corp.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-04-30] (Intel Corporation)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S3 iwsehub; C:\WINDOWS\System32\drivers\iwsehub.sys [419120 2015-01-08] (Intel Corporation)
S3 iwsepal; C:\WINDOWS\System32\drivers\iwsepal.sys [613168 2015-01-08] (Intel Corporation)
S3 lehidmini; C:\WINDOWS\System32\drivers\leath_hid.sys [39704 2014-09-22] (Atheros)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0_ambarella_1_2_3_0.sys [44480 2013-12-25] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6732552 2016-06-15] (Intel Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2016-09-11] (PC-Doctor, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [93872 2014-04-21] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-04 09:09 - 2017-05-04 09:09 - 00000000 ___HD C:\OneDriveTemp
2017-05-04 08:58 - 2017-05-04 08:58 - 00001497 _____ C:\Users\Positive_Michal J\Desktop\malwarebytesraport.txt
2017-05-04 08:52 - 2017-05-04 09:07 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-04 08:52 - 2017-05-04 09:07 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-04 08:52 - 2017-05-04 09:07 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-04 08:52 - 2017-05-04 09:07 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-04 08:52 - 2017-05-04 08:52 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-04 08:52 - 2017-05-04 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-04 08:52 - 2017-05-04 08:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-04 08:52 - 2017-05-04 08:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-04 08:52 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-04 08:30 - 2017-05-04 08:51 - 60107896 _____ (Malwarebytes ) C:\Users\Positive_Michal J\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-04 08:29 - 2017-05-04 08:26 - 00001198 _____ C:\Users\Positive_Michal J\Downloads\fixlist.txt
2017-05-04 08:26 - 2017-05-04 08:26 - 00001198 _____ C:\Users\Positive_Michal J\Documents\fixlist.txt
2017-05-03 20:28 - 2017-05-04 08:19 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Roaming\floating-3
2017-05-03 20:09 - 2017-05-03 20:10 - 00000000 ____D C:\ProgramData\amlcd-96
2017-05-03 15:12 - 2017-05-04 08:19 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Roaming\fusion-1
2017-05-03 12:53 - 2017-05-04 08:18 - 00000000 ____D C:\ProgramData\rs422-27
2017-04-28 13:55 - 2017-04-28 13:55 - 00082545 _____ C:\Users\Positive_Michal J\Downloads\-VIVENGE-PRODUKCJA-1-SP-Z-O-O_Faktura_2017-04-010_7527.pdf
2017-04-27 13:05 - 2017-04-27 13:05 - 00745282 _____ C:\Users\Positive_Michal J\Documents\Scan0031.pdf
2017-04-27 13:04 - 2017-04-27 13:04 - 00791756 _____ C:\Users\Positive_Michal J\Documents\Scan0030.pdf
2017-04-26 14:07 - 2017-04-26 14:07 - 00082158 _____ C:\Users\Positive_Michal J\Downloads\TERYTORIUM-SP-Z-O-O_Faktura_2017-04-009_7075.pdf
2017-04-26 12:15 - 2017-04-26 12:15 - 00061211 _____ C:\Users\Positive_Michal J\Downloads\47f5825ddb1b498ab5d389a38eaae851.pdf
2017-04-26 12:15 - 2017-04-26 12:15 - 00060847 _____ C:\Users\Positive_Michal J\Downloads\obecna rata.pdf
2017-04-26 12:15 - 2017-04-26 12:15 - 00060830 _____ C:\Users\Positive_Michal J\Downloads\88a08902aa324437843578f2f2996006.pdf
2017-04-26 12:15 - 2017-04-26 12:15 - 00060637 _____ C:\Users\Positive_Michal J\Downloads\7941bf9dce9a4adcbfdb9ae13477809f.pdf
2017-04-26 12:15 - 2017-04-26 12:15 - 00060581 _____ C:\Users\Positive_Michal J\Downloads\c524bca729824a4092df527651a5c415.pdf
2017-04-26 11:10 - 2017-04-26 11:10 - 00284946 _____ C:\Users\Positive_Michal J\Documents\szkoda infobox.pdf
2017-04-26 10:42 - 2017-04-26 10:42 - 00265306 _____ C:\Users\Positive_Michal J\Documents\lpp_szkoda_02.pdf
2017-04-26 10:41 - 2017-04-26 10:41 - 00274875 _____ C:\Users\Positive_Michal J\Documents\lpp_szkoda_01.pdf
2017-04-26 10:40 - 2017-04-26 10:40 - 00275035 _____ C:\Users\Positive_Michal J\Documents\Scan0029.pdf
2017-04-26 08:18 - 2017-05-04 09:23 - 00030605 _____ C:\Users\Positive_Michal J\Downloads\Addition.txt
2017-04-26 08:18 - 2017-04-26 08:18 - 00045325 _____ C:\Users\Positive_Michal J\Downloads\Shortcut.txt
2017-04-26 08:17 - 2017-05-04 09:24 - 00018127 _____ C:\Users\Positive_Michal J\Downloads\FRST.txt
2017-04-26 08:16 - 2017-05-04 09:24 - 00000000 ____D C:\FRST
2017-04-26 08:10 - 2017-05-04 08:32 - 02428928 _____ (Farbar) C:\Users\Positive_Michal J\Downloads\FRST64.exe
2017-04-26 08:03 - 2017-04-26 08:04 - 00047754 _____ C:\Users\Positive_Michal J\Desktop\gmer.txt
2017-04-25 20:40 - 2017-04-25 20:40 - 00371411 _____ C:\Users\Positive_Michal J\Downloads\gm.zip
2017-04-25 17:42 - 2017-04-25 17:48 - 55356624 _____ (Microsoft Corporation) C:\Users\Positive_Michal J\Downloads\Windows-KB890830-x64-V5.47.exe
2017-04-24 10:10 - 2017-04-24 10:11 - 00000000 ____D C:\AdwCleaner
2017-04-24 10:09 - 2017-04-24 10:10 - 04089296 _____ C:\Users\Positive_Michal J\Downloads\adwcleaner_6.045.exe
2017-04-24 09:45 - 2017-04-24 09:45 - 00082659 _____ C:\Users\Positive_Michal J\Downloads\GRZECZKOWICZ-COMPANY-GRZEGORZ-GRZECZKOWICZ_Faktura_2017-04-008_9786.pdf
2017-04-20 21:43 - 2017-04-24 10:11 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\FSDART
2017-04-20 21:42 - 2017-04-20 21:48 - 00000000 ____D C:\ProgramData\F-Secure
2017-04-20 21:42 - 2017-04-20 21:42 - 00524248 _____ (F-Secure Corporation) C:\Users\Positive_Michal J\Downloads\F-SecureOnlineScanner.exe
2017-04-20 21:42 - 2017-04-20 21:42 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\F-Secure
2017-04-20 21:41 - 2017-04-20 21:42 - 06758528 _____ (ESET spol. s r.o.) C:\Users\Positive_Michal J\Downloads\ESETOnlineScanner_PLK.exe
2017-04-20 13:17 - 2017-04-20 13:17 - 04025140 _____ C:\Users\Positive_Michal J\Downloads\Color Expert_UM_Rev.1.0_Eng_140402.pdf
2017-04-19 15:35 - 2017-04-24 17:07 - 00000000 ____D C:\Users\Positive_Michal J\Downloads\Fitnesik
2017-04-19 11:58 - 2017-04-19 11:58 - 00083695 _____ C:\Users\Positive_Michal J\Downloads\A-J-TELECOM-SP-Z-O-O_Oferta_zakupowa_001_2111.pdf
2017-04-18 15:32 - 2017-04-19 15:45 - 00000000 ____D C:\ProgramData\lz
2017-04-18 12:47 - 2017-04-18 12:47 - 00000000 ____D C:\Users\Positive_Michal J\Desktop\bhp i bad lek
2017-04-18 12:39 - 2017-04-18 12:39 - 00082558 _____ C:\Users\Positive_Michal J\Downloads\B-O-L-D-Y-R-E-C-O-R-D-S-SYLWESTER-ZDOBYLAK_Faktura_2017-04-007_3377.pdf
2017-04-13 20:43 - 2017-04-13 20:43 - 00888832 _____ C:\Users\Positive_Michal J\Downloads\Cyberlink_Powerdirector_14_Crack_Activation_Key_Full_Latest.iso
2017-04-13 20:41 - 2017-04-13 20:42 - 00888832 _____ C:\Users\Positive_Michal J\Downloads\CyberLink_PowerDirector_14_Ultimate_With_Crack.iso
2017-04-13 20:33 - 2017-04-13 21:37 - 767333536 _____ C:\Users\Positive_Michal J\Downloads\PowerDirector_3515_GM5_LE_LE_VDE161118-01_Normal.exe
2017-04-13 20:06 - 2017-04-13 20:07 - 01268552 _____ ( ) C:\Users\Positive_Michal J\Downloads\GoPro Studio 2.5.9.2658.exe
2017-04-13 20:05 - 2017-04-13 20:20 - 115345816 _____ C:\Users\Positive_Michal J\Downloads\GoProStudioPC-2.0.1.319.exe
2017-04-13 14:30 - 2017-04-13 14:30 - 00000000 ____D C:\ProgramData\Ambarella
2017-04-13 14:30 - 2013-12-25 15:26 - 00044480 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusb0_ambarella_1_2_3_0.sys
2017-04-13 14:29 - 2017-04-13 16:33 - 00000000 ____D C:\Users\Positive_Michal J\Downloads\Lamax FW_v1.0_to_v1.1_pl (1)
2017-04-13 09:55 - 2017-04-13 09:55 - 00082551 _____ C:\Users\Positive_Michal J\Downloads\LPP-SP-KA-AKCYJNA_Faktura_2017-04-006_3981.pdf
2017-04-12 13:03 - 2017-04-12 13:03 - 00231782 _____ C:\Users\Positive_Michal J\Desktop\Cennik NEC - Reseller-Apr-2017-EUR.pdf
2017-04-12 11:03 - 2017-04-12 11:03 - 00082562 _____ C:\Users\Positive_Michal J\Downloads\LPP-SP-KA-AKCYJNA_Faktura_2017-04-006_1983.pdf
2017-04-12 11:03 - 2017-04-12 11:03 - 00082511 _____ C:\Users\Positive_Michal J\Downloads\LPP-SP-KA-AKCYJNA_Faktura_2017-04-005_7080.pdf
2017-04-12 10:03 - 2017-04-24 10:12 - 00000666 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1425446643-2985461573-791015783-1001.job
2017-04-12 10:03 - 2017-04-23 13:10 - 00003858 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1425446643-2985461573-791015783-1001
2017-04-12 10:03 - 2017-04-23 13:10 - 00000762 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1425446643-2985461573-791015783-1001.job
2017-04-08 11:05 - 2017-04-08 11:05 - 00850243 _____ C:\Users\Positive_Michal J\Downloads\ThiEye.MP4
2017-04-07 14:07 - 2017-04-07 14:07 - 00082097 _____ C:\Users\Positive_Michal J\Downloads\GRAMINA-SP-Z-O-O_Faktura_2017-04-004_5817.pdf
2017-04-07 10:44 - 2017-04-07 10:44 - 00275898 _____ C:\Users\Positive_Michal J\Downloads\protokol krakowska house.pdf
2017-04-07 10:39 - 2017-04-07 10:39 - 00242797 _____ C:\Users\Positive_Michal J\Documents\faktura scan Galeria Krakowska Salon House.pdf
2017-04-07 10:37 - 2017-04-07 10:37 - 00275970 _____ C:\Users\Positive_Michal J\Desktop\protokół Galeria Krakowska Salon House.pdf
2017-04-07 10:29 - 2017-04-07 10:29 - 00082673 _____ C:\Users\Positive_Michal J\Downloads\LPP-SP-KA-AKCYJNA_Faktura_2017-04-002_4312.pdf
2017-04-07 10:23 - 2017-04-07 10:23 - 00054389 _____ C:\Users\Positive_Michal J\Downloads\Szczegoly_operacji_2017-04-07_10-23-24.pdf
2017-04-07 10:23 - 2017-04-07 10:23 - 00054175 _____ C:\Users\Positive_Michal J\Downloads\Szczegoly_operacji_2017-04-07_10-23-29.pdf
2017-04-07 10:02 - 2017-04-07 10:02 - 00340883 _____ C:\Users\Positive_Michal J\Documents\Scan0028.pdf
2017-04-06 12:02 - 2017-04-06 12:02 - 00145692 _____ C:\Users\Positive_Michal J\Documents\Scan0027.pdf
2017-04-06 12:00 - 2017-04-06 12:00 - 00375126 _____ C:\Users\Positive_Michal J\Documents\Scan0026.pdf
2017-04-06 11:42 - 2017-04-06 11:42 - 00018288 _____ C:\Users\Positive_Michal J\Downloads\AB-A1669519.pdf
2017-04-06 11:40 - 2017-04-06 11:40 - 00054147 _____ C:\Users\Positive_Michal J\Downloads\Szczegoly_operacji_2017-04-06_11-40-05.pdf
2017-04-06 11:40 - 2017-04-06 11:40 - 00053940 _____ C:\Users\Positive_Michal J\Downloads\Szczegoly_operacji_2017-04-06_11-40-11.pdf
2017-04-04 11:26 - 2017-04-04 11:26 - 00123571 _____ C:\Users\Positive_Michal J\Downloads\SURFLAND-SYSTEMY-KOMPUTEROWE-SP-KA-AKCYJNA_Faktura_2017-04-003_6390.pdf

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-05-04 09:12 - 2016-07-17 00:05 - 01632838 _____ C:\WINDOWS\system32\perfh015.dat
2017-05-04 09:12 - 2016-07-17 00:05 - 00425342 _____ C:\WINDOWS\system32\perfc015.dat
2017-05-04 09:12 - 2016-05-29 19:47 - 03773468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-04 09:09 - 2016-05-29 20:23 - 00000000 ___RD C:\Users\Positive_Michal J\OneDrive
2017-05-04 09:08 - 2016-05-29 13:15 - 00000000 __SHD C:\Users\Positive_Michal J\IntelGraphicsProfiles
2017-05-04 09:07 - 2016-08-29 15:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-04 09:07 - 2016-08-29 15:19 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-04 09:07 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-05-04 09:07 - 2016-05-29 19:43 - 00147656 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_99E320F5.sys
2017-05-04 08:38 - 2017-03-24 13:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-05-04 08:35 - 2016-10-10 10:51 - 00000000 ____D C:\Users\Positive_Michal J\AppData\LocalLow\Temp
2017-05-04 08:34 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-04 08:17 - 2016-07-28 09:26 - 00000412 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPositive_Michal J.job
2017-05-04 08:15 - 2016-08-29 15:18 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-03 22:38 - 2016-06-26 17:46 - 00000000 ____D C:\Users\Positive_Michal J\Documents\Pliki programu Outlook
2017-05-03 15:12 - 2016-05-29 13:15 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\VirtualStore
2017-05-03 12:13 - 2016-08-29 15:25 - 00003352 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPositive_Michal J
2017-05-03 12:10 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-03 12:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-03 12:10 - 2016-05-29 13:15 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\Packages
2017-04-30 20:46 - 2017-03-18 16:22 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\ElevatedDiagnostics
2017-04-30 15:48 - 2016-08-29 15:25 - 00003566 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 15:48 - 2016-08-29 15:25 - 00003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 14:12 - 2017-02-07 13:23 - 00000000 ____D C:\Users\Positive_Michal J\Desktop\M+W Projekt dla 3M __ 2 sale
2017-04-25 17:49 - 2016-06-26 15:32 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-24 17:12 - 2017-02-21 12:37 - 00000000 ____D C:\Users\Positive_Michal J\Documents\zrzut pendrive
2017-04-24 14:27 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-21 21:52 - 2016-11-18 14:22 - 00000000 ___RD C:\Users\Positive_Michal J\Dysk Google
2017-04-21 20:43 - 2016-06-26 13:01 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\Adobe
2017-04-21 20:33 - 2016-08-29 15:25 - 00004700 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-21 20:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-21 20:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-20 11:43 - 2017-03-08 11:34 - 00000000 ____D C:\Users\Positive_Michal J\Desktop\Wieliczka 2017 - Outdoor i DS
2017-04-13 20:43 - 2015-06-02 03:18 - 00000000 ____D C:\ProgramData\CyberLink
2017-04-13 20:24 - 2016-08-29 15:25 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 20:24 - 2016-06-26 13:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 16:29 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-13 16:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-12 19:40 - 2016-12-13 13:24 - 00003314 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-12 19:40 - 2016-05-29 20:23 - 00002445 _____ C:\Users\Positive_Michal J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-12 10:03 - 2016-06-28 11:18 - 00000000 ____D C:\Users\Positive_Michal J\AppData\Local\Citrix
2017-04-08 20:03 - 2016-06-26 13:08 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-06 09:12 - 2016-06-26 12:51 - 00002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2016-11-18 12:44 - 2016-11-18 12:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-02 03:24 - 2015-06-02 03:24 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-06-02 03:19 - 2015-06-02 03:20 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-06-02 03:20 - 2015-06-02 03:21 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-06-02 03:22 - 2015-06-02 03:23 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-06-02 03:18 - 2015-06-02 03:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo
C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2017-04-30 20:46

==================== Koniec FRST.txt ============================